here's another suggestion (referring to the Master Domain Concept!)

I don't know what level of 'solutionproviding' You have Ralf ,
but wouldn't it be natural to place the logon-script
in the repl$-folder of Your Master PDC ?
-> setting replication to his own Netlogon-folder and to every single Resource-Domain-Controler (setting replication interval accordingly to the WAN-Speed)....
Think i remember it correctly when i say that the Resource-Domains trusts the Master Domain?!?!?! (->Years and day since i thought bout that)

Next step would be ammending the Script that it fits all of Your login requests! (in every Domain)... ok that will grow the script to a pair of kbytes , but this is the easiest way to handle.

-> Think of dividing it into several Sections where You can hop to from the start ,
after deciding 'where the User is....

hope this gives a little hint!

Greetings Jochen

P.S.:this Solution must be well-implemented and thought-through

_________________________